5G Security Challenges and Opportunities: A

System Approach
Ashutosh Dutta Eman Hammad
Applied Physics Lab Department of Computer Science
Johns Hopkins University Texas A&M University - Commerce/RELLIS
Baltimore, MD, USA College Station, TX, USA
Ashutosh.Dutta@jhuapl.edu eman.hammad@tamuc.edu

Abstract—The digital transformation brought by 5G is re- access to the next billion users on earth at much lower cost
defining current models of end-to-end connectivity and service because of its use of new spectrum and its improvements in
reliability to include security-by-design principles necessary to spectral efficiency [1]–[3]. An alternative view of the use-
enable 5G to achieve its promise. 5G trustworthiness high-
lights the importance of embedding security capabilities from cases and innovation that will be driven by 5G is illustrated
the very beginning while the 5G architecture is being defined by Figure 1. The Figure differentiates between four advanced
and standardized. Security requirements need to overlay and capabilities of 5G that are directly relating to innovation:
permeate through the different layers of the 5G systems (physical,
network, and application) as well as different parts of an E2E
5G architecture within a risk management framework that takes
into account the evolving security threats landscape. 5G presents
a typical use-case of wireless communication and computer
networking convergence, where 5G fundamental building blocks
include components such as Software Defined Networks (SDN),
Network Functions Virtualization (NFV) and the edge cloud.
This convergence extends many of the security challenges and
opportunities applicable to SDN/NFV and cloud to 5G networks.
Thus, 5G security needs to consider additional security require-
ments (compared to previous generations) such as SDN controller
security, hypervisor security, orchestrator security, cloud security,
edge security, etc. At the same time, 5G networks offer security
improvement opportunities that should be considered. Here, 5G
architectural flexibility, programmability and complexity can be
harnessed to improve resilience and reliability.
Fig. 1. Key dimensions of 5G Network - courtesy of 5G Lab Germany [4]
Index Terms—5G security, vulnerabilities, challenges, mitiga-
tion, resilience, performance, reliability • Massive Content: cellular network data rates increase
about 10x every five years and that’s going to leap
I. I NTRODUCTION ahead with 5G. This has big implications for mobile data
5G technologies provide ubiquitous connectivity while also networks.
addressing the demands of both individual consumers and • Massive IoT: 5G will enable connectivity of sensors,
businesses [1]. 5G technologies are expected to provide higher devices, objects, and so forth in a massive Internet of
throughput, and lower latency and a higher density and mo- Things network.
bility range without compromising reliability. By virtue of its • Massive Control: 5G will enable us to build infrastructure
flexibility and an agile development methodology that uses for remote controls, often known as, “tactile Internet.”
modular network functions, it supports various use cases that This means we can have an interaction with virtual envi-
are both scalable and cost effective. 5G can support exciting ronments just as we are used to from tactile interaction
use cases, including IoT, smart transportation, e-Health, smart with objects around us, which means real and virtual
cities, tactile computing and kinaesthetic communication, and object will be able to interact with a reaction time of one
Holographic interactions. 5G introduces a paradigm shift into to 10 milliseconds to enable a human to control things in
wireless mobile communication [1]. Not only is 5G evolu- a steady state that mimics reality.
tionary (providing higher bandwidth and lower latency than • Massive Resilience: in order to provide the massive sens-
current-generation technology), more importantly, 5G is rev- ing, massive IoT and massive control (low latency type
olutionary in that it is expected to enable fundamentally new applications) the network needs to flexible and adaptive
applications with much more stringent requirements in latency enough. SDN, NFV, Cloud RAN, Mobile Edge Cloud,
(e.g., real time) and bandwidth (e.g., streaming). 5G could help Network Slicing are some of the functions that are needed
solve the last-mile/-kilometer problem and provide broadband to support flexibility and availability.

109
Authorized licensed use limited to: University of New South Wales. Downloaded on November 02,2020 at 03:01:12 UTC from IEEE Xplore. Restrictions apply.
 In order to support various 5G use-cases and applications,
there is a critical need to design a secure and trusted end-to-
end network [5]. 5G networks need to be flexible, adaptive,
scalable and able to dynamically react to the changes in the
network quite rapidly. To better understand the security risks
and implications, this article proposes an approach to divide
the complex 5G ecosystem into domains/pillars to facilitate a
more focused discussion of the security threats and risks. This
would help better model and assess the cyber risks to the 5G
network itself and to 5G-enabled use-cases. The progress of
the 5G and beyond revolution may well be hindered if security
issues are not tackled early on while the systems are being
designed, standardized and deployed [2].
SDN and NFV are the main technologies needed in order
for 5G to support 5G-type applications. SDN/NFV typically
includes additional network components including: SDN con-
troller, Orchestrator, Hypervisor, Security Function Virtual-
ization, all of which introduce security risks. In addition
to SDN/NFV specific components, there are other network
functions such as cloud RAN, Mobile Edge Cloud (MEC)
and Network Slicing that enable optimal resource sharing and
support low latency applications. However, these additional
network functions also give rise to additional security risks.
Various standards bodies including 3GPP, IEEE, and ETSI
have been looking into security issues for 5G networks. Cao
et al. [6] provide a survey of security aspects of 5G networks
as defined in 3GPP. While these authors present an overview
of the network architecture and security functionality of the
3GPP’s 5G networks and focus on the new features and
techniques including the support of massive Internet of Things
(IoT) devices, Device to Device (D2D) communication, Vehi-
cle to Everything (V2X) communication, and network slice.
This paper does not address the threat taxonomy or security
pillars or opportunities and challenges associated with 5G.
ETSI NFV security working group [7] group has developed 12
different security specifications including problem statement,
best current practice for security virtualization, security moni-
toring and management specification, security for VNFs, how-
ever, those specifications have not done any end-to-end threat
analysis of 5G network, nor do these specifications discuss
about the security opportunities 5G. 5GPP Ensure project [8]
has developed 5G-ENSURE architecture for 5G networks that
revises the 3GPP security architecture from TS 33.401 and
integrates key features and the domain concept to support trust
models for a 5G beyond vision. This architecture however does
not provide a systems approach to threat taxonomy nor does it
discuss about security controls or mitigation techniques. This
paper complements the existing work in 5G security, fill some
of the gaps in threat taxonomy, and take a systems approach
to security by analyzing the threats at various parts of the
network and discusses the security pillars in more detail.
II. T HREAT M ODELLING
Figure 3 helps illustrate few example 5G threat vectors
including points of attack of various points of the 5G network.
The figure also highlights the potential sources of attacks
110
Authorized licensed use limited to: University of New South Wales. Downloaded on November 02,2020 at 03:01:12 UTC from IEEE Xplore. Restrictions apply.
(threat actors) in the network [9], [10]. These attacks could
come from many sources such as end devices, untrusted
networks, roaming networks, Internet, application service
providers. Knowledge about the types of attacks and network
assets that could be targeted helps to define the mitigation
techniques. Table 1 lists different types of cyber-attacks and a
description of how attackers can launch such attacks.
T1 through T10 illustrate different types of threat categories.
These are categorized as loss of availability, loss of confiden-
tiality, loss of integrity, loss of control, loss of integrity, loss
of control, malicious insider, and theft of service, respectively.
The attackers can launch these types of attacks by various
means and pose threats to the network assets. However, in
Table 2 we provide a few examples of threat categories and
attack mechanisms associated with these types of threats. For
example, an attacker can launch denial of service attack and
make the network unavailable by flooding a specific network
interface or crashing a network element. Similarly, an attacker
can launch a man-in-the-middle attacks to modify the traffic
by way of eavesdropping.
An attacker may also change the configuration of the
network element through management interface. There are also
theft of service type attacks and malicious insider attacks that
need to be dealt with. While Table 1 describes different types
of attacks and how an attacker could potentially demonstrate
these attacks, mitigation techniques are not spelt out here.
Various types of mitigation techniques and security controls
can be developed to take care of each of these threats.
Operators and service providers can analyze these potential
threats and devise their mitigation techniques accordingly.
Hence, a careful analysis of potential threats is needed and
mitigation techniques need to be developed. Tables II, III
and IV in section IV, highlight some mitigation techniques
associated with the threats posed by some 5G specific security
pillars, namely cloud RAN, mobile edge cloud and network
slicing, respectively.
III. 5G S ECURITY P ILLARS
Fig. 2. 5G Security Pillars
This work proposes establishing a high-level framework
to enable a holistic approach for studying 5G end-to-end

T HREAT TAXONOMY
No. Category Threat
T1 Flooding an interface
Loss of Availability
T2 Crashing a network element
T3 Eavesdropping
Loss of Confidentiality
T4 Data leakage
T5 Traffic modification
Loss of Integrity
T6 Data / Configuration modification
T7 Control the network
Loss of Control
T8 Compromise of network element
T9 Malicious Insider Insider threats
T10 Theft of Service Fraud or configuration modification
security for vertical use-cases. At the base of this approach is
distinguishing between different security domains/pillars for
5G networks which will help focus on both 1) identifying
system vulnerabilities as well as associated risks, and 2)
envisioning suitable mitigation techniques. Figure 2 illustrates
the security pillars identifies by this work thus far, where 5G
security needs to take into account all those pillars and their
interdependencies. We elaborate on some of those below
A. 5G VIRTUALIZATION / SOFTWARIZATION SECURITY
With the advent of virtualization, hypervisors and containers
are becoming more prevalent. While these technologies allow
multiple tenants and virtual network functions to reside on
the same physical hardware, they also increase the systems’
attack surface to threats such as data exfiltration, resource
starvation, and side channel attacks. Some applicable mitiga-
tion techniques that can be applied to such scenarios include
hypervisor introspection schemes and hypervisor hardening.
These mechanisms can protect a hypervisor’s code and data
from unauthorized modification and can guard against miscon-
figurations.
On the other hand, virtualization enables operators to dy-
namically provision security resources and functions such as
DDOS protection, intrusion detection system IDS, intrusion
prevention system (IPS), and firewall functionalities. However,
successful dynamic provisioning is dependent on other system
components such as the orchestrator, SDN controller, network
controller, and the NFV security orchestrator. Hence, this
dependence extends the risks and vulnerabilities of underlying
elements to the security functions themselves. Further risks in
security function virtualization stem from relevant integrated
automation techniques.
B. OPTIMIZATION / ORCHESTRATION SECURITY
5G resource allocation and optimization complexity levels
have motivated the increased utilization of artificial intelli-
gence (AI)/machine learning (ML) algorithms in the manage-
ment and orchestration layer. In an SDN/NFV environment,
an orchestrator could provision VNFs based on the network
condition and intelligence. For example, in case of overload
or security attacks,the orchestrator is notified of the condition
of the network and communicates with the SDN controller
Authorized licensed use limited to: University of New South Wales. Downloaded on November 02,2020 at 03:01:12 UTC from IEEE Xplore. Restrictions apply.
TABLE I
Description
Attackers flood an interface resulting in DoS condition (e.g. multiple authentication failure on
N1, N2 interface)
Attackers crash a network element by sending malformed packets
Attackers eavesdrop on sensitive data on control and bearer plane
Unauthorized access to sensitive data on the server (UDR, UDSF) profile, etc.)
Attackers modify information during transit in user plane N3 (SIP header modification, RTP
spoofing)
Attackers modify data on network element (change the NE configurations through Admin
interface)
Attackers control the network via protocol or implementation flaw
Attackers compromise of network element via management interface
Insiders make data modification on network elements, make unauthorized changes to NE
configuration, etc.
Attackers exploits a flaw to use services without being charged
that in turn controls the firewalls and routers to mitigate
the attacks. Simultaneously, the orchestrator can instantiate
additional VNFs as needed, and scale down as the attack sub-
sides. This built-in orchestration flexibility introduces potential
vulnerabilities, where an attacker may use legitimate access to
the orchestrator to manipulate its configuration in order to run
a compromised VNF.
C. SDN SECURITY
An SDN controller can enable dynamic security control
based on the intelligence gathered through north bound API
and then controlling the routers and switches through south
bound API. This improves network resilience and enhances
the ability to mitigate cyber-attacks quickly. However, an SDN
controller can be a target for attacks through its north bound
and south bound interfaces. SDN controllers can be targeted
by specific threat vectors including denial of service attacks;
REST API parameter exploitation; API flood attack; man-in-
the middle attack (MiTM), spoofing; protocol fuzzing, and
SDN controller impersonation. Proper mitigation mechanisms
need to be put in place to detect these kinds of attacks and take
appropriate mitigation techniques to ensure reliable operation
of the SDN controller.
D. 5G NETWORK SLICING SECURITY
While network slicing enables sharing resources in the
network more efficiently and facilitate the allocation of re-
sources to support different types of applications, these also
give rise to security concerns [11]. Proper security controls
must be implemented to ensure proper isolation of slices
and enabling trusted virtualization infrastructure. Such security
controls include slice categorization and adequate provisioning
of resources. Further, strong security controls must be imple-
mented to limit and secure information flow between slices.
This would prevent and mitigate many threats such as side-
channel attacks across slices, DoS attack via virtual resources
depletion, etc.
E. EDGE SECURITY
The increasingly critical role of the edge in 5G architecture
and use-cases amounts to high adverse impacts if the edge
111
 Fig. 3. 5G Threat Vectors
is compromised. When this is combined with the increased
threat surface as the edge extends to the end user, the edge
becomes an attractive target for cyber-attacks. This is further
complicated as the edge hosts security controls such as au-
thentication, authorization and real-time attack detection to
provide security controls for other 5G use-cases (as it has
been illustrated previously). Security controls on the edge
should also consider complex and multi-step user handling
scenarios, such as in the case of subscriber authentication
with a visited network, for a low-latency application. In this
case, delay constraints will make authenticating against the
HSS infeasible, and alternative solution should be considered.
Strong layered security controls must be implemented on the
edge to provide adequate protection and availability for the
security functions, and any sensitive security contexts that
may be stored on the edge, or communicated between the
edge and the core. Proper separation of third-party applications
and management/network functions would help minimize risks
of bi-lateral movement to 5G control plane. Computationally
feasible trust platforms could help limiting the attack surface
from the user/RAN side.
F. SUPPLY CHAIN SECURITY
The continuing increased trend of leveraging commodity
modular hardware and software is introducing a multitude
of security risks. Example risks include backdoors, dor-
mant malicious code or compromised hardware certificates.
Promising solutions will need to address this on multiple
levels—computationally feasible trust platforms similar to
blockchain will enable establishing some security controls
over commodity hardware and integrated software. However,
capabilities in security monitoring and anomaly detection in
112
Authorized licensed use limited to: University of New South Wales. Downloaded on November 02,2020 at 03:01:12 UTC from IEEE Xplore. Restrictions apply.
the 5G NFV would need to evolve to enable attacks or
malicious incidents detection/prediction.
G. OPEN SOURCE/API SECURITY
Currently, there are various open source activities that
expedite the deployment of SDN/NFV and 5G. These in-
clude Open Networking Foundation (ONF), OPNFV, Open
Day Light, Open Network Operating System (ONOS), Open
vSwitch (OVS), and the Linux Foundation among others.
Operator community and vendor community are collaborating
to develop open source that can be scalable and reliable enough
to be deployed. While open source has various opportunities
such as flexibility and agility, faster time to market, cost-
effectiveness, long-term cost savings, reducing the vendor
lock-in, and better information security. However, open source
is also challenged with various issues, namely level of sup-
port, intellectual property concerns, lack of documentation
and graphical user interfaces (GUIs), extent of customization
needed for various use cases. All of these also give rise to
security concerns that need to be addressed by the open source
community.
H. DATA SECURITY AND PRIVACY
Data will be an integrated part of 5G, where the different
types of data (including user data, data about the users, system
configurations, system logs and monitoring data) will be used
to 1) enable core functions and use-cases, and 2) enable
automation of decision-making in applications and system
management and orchestration. From a security perspective
several cases should be considered here including classification
and proper protection for at-rest and in-transit data. Privacy
should be taken into account when designing/configuring the
system to ensure only necessary data is collected and stored.
Data sharing between subsystems of 5G, and across use-cases
and slices should have a structured framework with defined
objectives, monitoring and controls.
I. PREDICTIVE SECURITY/MONITORING & ANALYTICS
While it may be effective to detect cyber-attacks quickly and
be able to mitigate in a timely manner, stopping the attacks
altogether by taking proactive measures is also desirable. This
can be achieved by applying AI/ML techniques for anomaly
detection, enabling behavior analytics of bad actors through
traffic analysis and deep packet inspection, combined with the
analysis of past attacks. This approach could improve Zero-
Day attacks detection and mitigation.
Digital forensics solutions have evolved in the last years
to address new challenges imposed by a contextual change.
As 5G enables critical use cases, it should incorporate and
enable digital forensic solutions to increase the trustworthiness
in the 5G infrastructure from a user-centric perspective. It must
be known that, if something happens (malfunction, error or
cybercrime), the appropriate technologies will be available to
help in the process of identifying the problem and establishing
responsibilities.
IV. O PPORTUNITIES , C HALLENGES AND M ITIGATION
T ECHNIQUES
In this section we focus on three 5G enablers, namely cloud
RAN, Edge Cloud, and Network Slicing as described in Figure
2. We expand on some of the capabilities offered by the 5G
enablers, related security challenges and potential mitigation
approaches. We further highlight how capabilities of those
enablers present unique opportunities to improve security [2],
[5], [12], [13].
Table II lists the opportunities offered by cloud RAN
deployment, associated security challenges, and potential mit-
igation techniques associated with each of these security chal-
lenges. It further expands on security benefits of cloud RAN.
A similar treatment for both Mobile Edge Cloud and Network
Slicing is included in Table III and Table IV, respectively.
A. Collaborative Efforts
Scale and complexity of securing 5G and beyond requires
coordinated and focused efforts between Enabling Technolo-
gies and Organizational Capabilities (Education, Regulators,
Infrastructures, Policy):
• Industry and academia: Further development is
needed to achieve computationally feasible and tamper-
proof trust platforms, AI/ML algorithms for predic-
tive/protective security decision making, cross-domain
anomaly detection, data sharing platforms with privacy
controls, etc.
• Standards and regulatory: An end-to-end security re-
quires a strongly coordinated and agile standards de-
velopment including the different standardization bodies.
An additional standardization effort might be required to
provide governance, align and synchronize 5G security
standardization efforts to ensure minimal gaps if any.
113
Authorized licensed use limited to: University of New South Wales. Downloaded on November 02,2020 at 03:01:12 UTC from IEEE Xplore. Restrictions apply.
• Open Source/API community: It is important to make
sure that the Open Source software goes through proper
review process and there is proper documentation avail-
able. The code also needs to be reviewed thoroughly.
• Government: Security and Privacy compliance should be
strictly enforced (lessons can be taken from Energy and
Utilities industry).
V. C ONCLUSION
Finally, following are some key takeaways that we need
to keep in mind as we begin to deploy future networks
while taking care of security. Emerging services are evolving
rapidly and will be all pervasive, and these applications are
not only bandwidth intensive but also have stringent latency
and control requirements. Hence, 5G networks need to be
designed to be adaptable, resilient, and flexible to support these
applications. 5G technologies such as SDN and NFV are the
foundation to support 5G type services. These technologies
will be utilized to enable the network functionality as well as
the much of the security controls, thus underlying the extreme
importance of a comprehensive security architecture. This is
essential to address security challenges introduced by SDN,
NFV and 5G. Operators, vendors, academia, research labs, and
regulators need to work together to form a security ecosystem
for future networks with continuously emerging technologies
and evolving threat landscape. Further, it is important to utilize
Standards, Testbeds, and Proof-of-concepts on various security
use cases to act as catalysts for SDN/NFV and 5G deployment
and benefits realization.
R EFERENCES
[1] 3gpp, “The mobile Boradbacnd Standard.” www.3gpp.org. Accessed:
June 30, 2020.
[2] IEEE, “IEEE Future Networks Enabling 5G and Beyond.”
https://futurenetworks.ieee.org/. Accessed: June 30, 2020.
[3] ngmn, “Next Generation Mobile Networks Alliance.” www.ngmn.org.
Accessed: June 30, 2020.
[4] 5G Lab Germany, “5G Lab Germany.” https://5glab.de//. Accessed: June
30, 2020.
[5] Ericsson, “A look at key innovation areas of 3GPP Rel-17.”
https://www.ericsson.com/en/blog/2019/12/3gpp-rel-17. Accessed: June
30, 2020.
[6] J. Cao, M. Ma, H. Li, R. Ma, Y. Sun, P. Yu, and L. Xiong, “A survey on
security aspects for 3gpp 5g networks,” IEEE Communications Surveys
& Tutorials, vol. 22, no. 1, pp. 170–195, 2019.
[7] ETSI, “ETSI Network Functions Virtualisation (NFV) Specifications.”
https://www.etsi.org/deliver/etsi gs/NFV-SEC/001 099/. Accessed: Au-
gust 9, 2020.
[8] 5G PPP, “5G Eenablers For Network and System Security and Re-
silience.” https://5g-ppp.eu/5g-ensure/. Accessed: August 9, 2020.
[9] GSMA, “Mobile Telecommunications Security Threat Landscape.”
https://www.gsma.com/security/wp-content/uploads/2019/03/GSMA-
Security-Threat-Landscape-31.1.19.pdf. Accessed: June 30, 2020.
[10] Z. Tian, Y. Sun, S. Su, M. Li, X. Du, and M. Guizani, “Automated attack
and defense framework for 5g security on physical and logical layers,”
arXiv preprint arXiv:1902.04009, 2019.
[11] fundarc, “3gpp Network Slicing Requirements.” https://fundarc-
comm.xgnlab.com/2018/07/3gpp-5g-network-slicing-requirements.html.
Accessed: June 30, 2020.
[12] huawei, “The Cybersecurity Framework and 5G RAN.”
http://huaweihub.com.au/wp-content/uploads/2018/07/Huawei-
Cybersecurity-Framework-and-5G-RAN-Whitepaper.pdf. Accessed:
June 30, 2020.
 TABLE II
S ECURITY OPPORTUNITIES AND CHALLENGES FOR CLOUD RAN

5G Capabilities Potential Security Challenges Potential Mitigation

The 5G networks will facilitate many more devices Huge number of infected M2M/IOT devices that at- Hypervisor Separation, Intelligent VM resource allo-
(IoT) accessing the RAN with shared access. tempt to gain access resulting in shared resource star- cations, vFirewalls
vation, VM/Guest OS manipulation, data exfiltration
Programmability and Virtualization of RAN will adapt Programmable and Software RAN will increase the Use of analytical techniques like anomaly detection
to dynamic nature of traffic and multi provider access chance of Man-In-The-Middle Attack at the base sta- can be leveraged for such analysis
tion
Resource starvation at cRAN VNFs by additional Hypervisor separation, capping of resources
vFirewall functions during DDOS attack
External flooding attacks may be launched by a botnet Develop DDoS detection and mitigation functions into
consisting of large number of bots and Distributed Cloud RAN functions
Denial of Service (DDoS)
Jamming can be launched against control-plane signal- Deploy DDOS detection, IDS, vFirewall functions,
ing or user-plane data messages Dynamic Service Chaining
Potential Security Opportunities/Benefits
SoftRAN (cRAN) in 5G networks will have embedded DoS detection and mitigation functions
Dynamic Radio Resource Scheduling would significantly reduce the risk of jamming attacks targeting mission critical devices
Access to control plane and media plane at the base station will enable security monitoring of traffic

TABLE III
S ECURITY OPPORTUNITIES AND CHALLENGES FOR M OBILE -E DGE (MEC)

5G Capabilities Potential Security Challenges Potential Mitigation

Server Computation at the edge of the network.
Security Context at the Edge of the network.
MEC Servers provide caching, local processing and
application aware optimization
Reduced handover time and Data off-loading
Reduced Latency for authentication for time sensitive
applications
Potential Security Opportunities/Benefits
The Edge provides an opportunity to embed security detection and mitigation functions to stop and isolate attacks before they can impact other parts of the 5G
network.
If third party applications are run on the same platform
as network functions, there are risks of poorly designed
applications that allow the hackers to infiltrate the
platform
Sensitive security assets are compromised at virtual-
ized functions at the edge. Man-In-The-Middle Attack
at the Mobile Edge Server
Persistent caching of old Security Association by both
the UE and visited network will weaken security by
way of cache poisoning, cache overwhelming
Attacker can gain connectivity or carry out a spoof-
ing, eavesdropping or data manipulation attack during
context transfer
Subscriber authentication within the visited network
gives rise to additional security vulnerabilities at the
edge of the network
Run both the edge computing applications and the
network function(s) in robustly segregated virtual ma-
chines.
Sensitive Security Assets stored at the mobile edge
should be encrypted
Understand the security implications and take mea-
sures to protect these caches.
Encrypted transfer of security context, IDS/IPS for
proper monitoring and mitigation, proper security level
Reuse old security association (SA), while in the
meantime running AKA and acquiring a new security
association. Delegate some of the HSS functions to the
visited network such as Delegated Subscriber Server
(DSS).

TABLE IV
S ECURITY OPPORTUNITIES AND CHALLENGES FOR N ETWORK S LICING

5G Capabilities Potential Security Challenges Potential Mitigation

Network slicing enables service differentiation and Controlling Inter-Network Slices Communications Proper security mechanism to ensure operations within
meeting end-user SLAs. expected parameters and security needs
Allocates appropriate amount of network resources to Denial of service to other slices – attacker may exhaust Capping of resources for individual slices, Ring-
a specific slice based on service (e.g. IOT, Priority resources common to multiple slices fencing resources for individual slices to guarantee
services) minimum level of resource
Overcomes all the drawbacks of ”DiffServ-based” QoS Attacker attacks the resources in slice A and in turn Ring-fence the network resource for security protocols
solution. slice B’s resources get exhausted so that the slice has always has the ability in spite of
resource exhaustion in other slices.
Enables the operators to provide networks on an as- Side Channel attacks across slices extract information Avoid co-hosting the slices that have very different
service-basis that minimizes CAPEX and OPEX. about cryptographic keys levels of sensitivity on the same hardware. Hypervisor
hardening
A single network can offer various services based on If UE is attached to several slices. UE may receive Security mechanisms to address this should exist in the
the requirements of the user and various use cases. sensitive data via one slice and publish data via other network and potentially in UE.
slice.
Vastly improves operational efficiency and time to Impersonation attacks against a Network slice instance All virtual functions within a Network Slice instance
market for the delivery of 5G network services. within an operator network need be authenticated and their verified.
Potential Security Opportunities/Benefits
Network Slicing provides a native approach to isolate highly sensitive contexts or applications which would be very beneficial for several security use cases.
Slice specific SLAs enable a context-aware orchestration and optimization of security virtual functions.

[13] fortinet, “Heavy Reading’s 2019 5G Security Survey.”

https://www.fortinet.com/content/dam/fortinet/assets/analyst-
reports/Heavy-Reading-5G-Security-Survey-Report.pdf. Accessed:
June 30, 2020.

114
Authorized licensed use limited to: University of New South Wales. Downloaded on November 02,2020 at 03:01:12 UTC from IEEE Xplore. Restrictions apply.